geoff-nixon · October 16, 2020 17:13
diff --git a/single sign on b/single sign on
 https://accounts.google.com/signin/v2/sl/pwd?

 service=mail

 &hl=en

 &uilel=1

 &continue=https://www.gmail.com

 &passive=true

 &ltmpl=default

 &flowName=GlifWebSignIn

 &flowEntry=ServiceLogin


 _________________________________________________



 https://accounts.google.com/signin/v2/sl/pwd?

 service=youtube

 &hl=en

 &uilel=3

 &continue=https://www.youtube.com

 &passive=true

 &flowName=GlifWebSignIn

 &flowEntry=ServiceLogin



 ________________________________________________


 Youtube first sign in set 4 cookies:

 1. remote-session-name {"data":"youtube-desktop","creation":1541948055176}

 2. remote-session-app  {"data":"Desktop","creation":1541948055176}

 3. remote-device-id    {"data":"f6b539df-f025-445d-b15e-cffe11be188b","expiration":1571461396512,"creation":1539925396512}

 4. remote-uilel	       {"data":"3","creation":1541947781364}


 ** After youtube sign out cookies remove

 ** If youtube sign out gmail also signout if refresh


 Activity table:


 1. service
 2. continue
 3. flowName
 4. flowEntry
 5. passive
 6. hl
 7. remote-session-name (password)
 8. remote-session-app
 9. remote-device-id 
 10.remote-uilel	
 11.uid
 12.browser_header (cookie hijacking)

 Login process:

 ** After login from gmail insert all data in activity table & set cookies in https://accounts.google.com

 ** If try to login in youtube from new tab https://accounts.google.com check cookies value isset or not.

 ** if isset check browser_header (cookie hijacking)
   remote-session-name | remote-device-id | 
   remote-uilel exits in database or not.

 ** if isset auto login from backend & redirect.
   
 ** Get uid from remote-session-name & insert new data in activity table & set cookies.
   


 Logout process:

 ** If logout from gmail remove all row from activity table related uid & Unset session

 ** Remove cookies from  https://accounts.google.com remote-session-name | remote-session-app | remote-device-id | remote-uilel 

 ** Set set interval check 30 for youtube uid exits table or not | Or set it in next refresh



 ________________________________________________

 ** Store logic :

 public function storeLoginActivity($password) {
  $logged_time = time();
  $expire = time() + (86400 * 30);
  setcookie('logged_time', $logged_time, time() + (86400 * 30), "/");
  $uid = md5($_SERVER['HTTP_USER_AGENT'] .  $_SERVER['REMOTE_ADDR'] . $logged_time);
  $cipher = "#&sdfdfs789fs7d";
  $encoded_password = base64_encode(openssl_encrypt($password, "AES-128-ECB", $cipher));
  DB::table('activity')->insert(
      ['user_id' => Auth::id(), 'password' => $encoded_password, 'uid' => $uid]
  );
  header ("Set-Cookie: logged_time=$logged_time; expires=$expire; path=/; domain=.kallyani.com.bd");
  return true;
 }
	https://accounts.google.com/signin/v2/sl/pwd?

	service=mail

	&hl=en

	&uilel=1

	&continue=https://www.gmail.com

	&passive=true

	&ltmpl=default

	&flowName=GlifWebSignIn

	&flowEntry=ServiceLogin


	_________________________________________________



	https://accounts.google.com/signin/v2/sl/pwd?

	service=youtube

	&hl=en

	&uilel=3

	&continue=https://www.youtube.com

	&passive=true

	&flowName=GlifWebSignIn

	&flowEntry=ServiceLogin



	________________________________________________


	Youtube first sign in set 4 cookies:

	1. remote-session-name {"data":"youtube-desktop","creation":1541948055176}

	2. remote-session-app {"data":"Desktop","creation":1541948055176}

	3. remote-device-id {"data":"f6b539df-f025-445d-b15e-cffe11be188b","expiration":1571461396512,"creation":1539925396512}

	4. remote-uilel {"data":"3","creation":1541947781364}


	** After youtube sign out cookies remove

	** If youtube sign out gmail also signout if refresh


	Activity table:


	1. service
	2. continue
	3. flowName
	4. flowEntry
	5. passive
	6. hl
	7. remote-session-name (password)
	8. remote-session-app
	9. remote-device-id
	10.remote-uilel
	11.uid
	12.browser_header (cookie hijacking)

	Login process:

	** After login from gmail insert all data in activity table & set cookies in https://accounts.google.com

	** If try to login in youtube from new tab https://accounts.google.com check cookies value isset or not.

	** if isset check browser_header (cookie hijacking)
	remote-session-name \| remote-device-id \|
	remote-uilel exits in database or not.

	** if isset auto login from backend & redirect.

	** Get uid from remote-session-name & insert new data in activity table & set cookies.



	Logout process:

	** If logout from gmail remove all row from activity table related uid & Unset session

	** Remove cookies from https://accounts.google.com remote-session-name \| remote-session-app \| remote-device-id \| remote-uilel

	** Set set interval check 30 for youtube uid exits table or not \| Or set it in next refresh



	________________________________________________

	** Store logic :

	public function storeLoginActivity($password) {
	$logged_time = time();
	$expire = time() + (86400 * 30);
	setcookie('logged_time', $logged_time, time() + (86400 * 30), "/");
	$uid = md5($_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR'] . $logged_time);
	$cipher = "#&sdfdfs789fs7d";
	$encoded_password = base64_encode(openssl_encrypt($password, "AES-128-ECB", $cipher));
	DB::table('activity')->insert(
	['user_id' => Auth::id(), 'password' => $encoded_password, 'uid' => $uid]
	);
	header ("Set-Cookie: logged_time=$logged_time; expires=$expire; path=/; domain=.kallyani.com.bd");
	return true;
	}